Undefined array key, 7.1

Mick Dawlings Posted in Technical Support 1 year ago

I'm suddenly seeing this error in the web logs.

PHP Warning: Undefined array key "HTTP_HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374

I notice I'm still running 7.1, would that be why? If so, I'll try to update it asap.

Replies
Indonesian Arsalan Shah Replied 1 year ago

Sadly my team spent many hours figuring out how action passed without valid token then in the end it appeared to be wrong data provided. Also your both sites running OSSN 7.2 where as you said its 7.1 again wrong information provided.

German Michael Zülsdorff Replied 1 year ago

Okay, so your site wasn't actually compromised, you just wanted it to look that way. To emphasize the importance of your issue, or what?

Rest assured: Every report is important to us. Initially. And we do our best to find and fix the bug. And if we get an error log added - all the better. However, if this log turns out to be a fake, fun ends: Our job will evolve to nothing but a pure waste of time then.

How would you expect serious assistance on the one hand when you are screwing potential helpers this way on the other?

The How-to-report-a-bug Guide lists what we need: True data - and no which way ever manipulated crap. If you can't accept that or don't want your true data getting exposed, this public forum is the wrong place to ask for help.

us Mick Dawlings Replied 1 year ago

Sorry Michael, I just edited the token for posting on this site.

German Michael Zülsdorff Replied 1 year ago

Caution: It looks like your site has been compromised!!!

The last line of your log shows a very strange token:

`POST /notification/count?ossn_ts=1702397513&ossn_token=fxxx9`

A valid token would look very much different like

POST /notification/count?ossn_ts=1702553721&ossn_token=245a21ff1ccf1e2a3d5dc07feea147269868b87d15fe476d524547df1d931e2f
us Mick Dawlings Replied 1 year ago

I'll open a support ticked then. This happens on both sites.

Indonesian Arsalan Shah Replied 1 year ago

Share your website URL and dummy account login to [email protected]

us Mick Dawlings Replied 1 year ago

It doesn't seem to happen too often, at least I've not been able to replicate it.

us Mick Dawlings Replied 1 year ago

Yes, my apologies for not thinking of that.
They look like simple hack tests maybe but that should still not throw any errors.

/var/log/php-fpm/www-error.log-20231207:[05-Dec-2023 06:40:51 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
/var/log/php-fpm/www-error.log:[10-Dec-2023 06:40:51 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374

/var/log/httpd/sslaccesslog-20231210:www.domain.com 10.0.0.1 - - [04/Dec/2023:06:40:51 -0700] "OPTIONS / HTTP/1.0" 301 16303 188542 187913 "-" "-"
/var/log/httpd/sslaccesslog-20231210:www.domain.com 10.0.0.1 - - [05/Dec/2023:06:40:51 -0700] "OPTIONS / HTTP/1.0" 301 16303 189033 188656 "-" "-"
/var/log/httpd/sslaccesslog-20231210:www.domain.com 10.0.0.1 - - [08/Dec/2023:06:40:51 -0700] "OPTIONS / HTTP/1.0" 301 16303 189319 188954 "-" "-"
/var/log/httpd/sslaccesslog-20231210:www.domain.com 10.0.0.1 - - [09/Dec/2023:06:40:51 -0700] "OPTIONS / HTTP/1.0" 301 16303 213451 212874 "-" "-"
/var/log/httpd/sslaccesslog:www.domain.com 10.0.0.1 - - [10/Dec/2023:06:40:51 -0700] "OPTIONS / HTTP/1.0" 301 16303 198958 198117 "-" "-"
/var/log/httpd/sslaccesslog:www.domain.com 47.99.136.156 - - [13/Dec/2023:06:40:51 -0700] "GET http://108.170.54.222:80/mysqlmanager/scripts/setup.php HTTP/1.0" 301 - 147454 147219 "-" "-"
/var/log/httpd/sslaccesslog:www.domain.com 185.220.101.39 - - [13/Dec/2023:06:40:51 -0700] "POST /notification/count?ossnts=1702397513&ossntoken=fxxx9 HTTP/2.0" 200 57 163590 162621 "https://www.domain.com/home" "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0"

German Michael Zülsdorff Replied 1 year ago

Is there no access-log with the same time-stamp?

us Mick Dawlings Replied 1 year ago

I cannot reproduce it or see it happening while watching logs. It just seems to come and go, showing up in the logs.

/var/log/php-fpm/www-error.log

[13-Dec-2023 06:40:51 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
[13-Dec-2023 06:40:51 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 379
[13-Dec-2023 06:40:52 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
[13-Dec-2023 06:40:52 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 379
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 379
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 379
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTPHOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 374
[13-Dec-2023 06:40:53 America/Phoenix] PHP Warning: Undefined array key "HTTP
HOST" in /var/www/html/libraries/ossn.lib.javascripts.php on line 379